SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs

Abstract

Federated data spaces allow organizations to share and control their own data across various domains, but their exposure to cyber attacks has increased due to a surge in newly discovered vulnerabilities. Existing solutions to secure them focus on messaging protocol protection (e.g., using cryptographic means), but this is not sufficient. Attackers may exploit additional vulnerabilities to cause significant issues (e.g., disrupting the availability of services). To this end, we propose SHIELD, a security-by-design approach for federated data spaces, which leverages attack graphs and trust computation to mitigate the risks of cyber attacks. Mitigation is accomplished by proactively assessing the data spaces’ weaknesses and implementing security messaging measures to prevent detrimental attacks. A prototype implementation of SHIELD using publish/subscribe as a messaging mechanism is experimentally evaluated over a real architecture in a V2X (Vehicle-to-Everything) scenario.

Publication
The 40th ACM/SIGAPP Symposium On Applied Computing (SAC)
Alessandro Palma
Visiting PhD Student
Nikolaos Papadakis
PhD Student
Georgios Bouloukakis
Associate Professor

My research interests include middleware, internet of things, distributed systems.